Oracle.E-Business.Suite.HR.OrgServer.pI.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit an Input Validation Error Vulnerability in Oracle E-Business Suite.
The vulnerability is due to use of untrusted user input to build a portion of an SQL query string. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests that will be handled by the OrgServer class. Successful exploitation results in the execution of arbitrary SQL commands against the Oracle E-Business database as the APPS user, effectively allowing full system compromise.

affected-products-logoAffected Products

Oracle E-Business Suite 12.1.1-12.1.3
Oracle E-Business Suite 12.2.3-12.2.9

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixEBS

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-05-06 15.838 Default_action:pass:drop
2020-05-06 15.837 Default_action:drop:pass
2020-05-06 15.836 Default_action:pass:drop
2020-04-28 15.829